Abstract: The present disclosure is directed to a monitoring system for automatically inferring, without human modelling input or information regarding actual physical network connectivity, a service architecture of a widely distributed service operated by an Infrastructure-as-a-Service (IaaS) tenant but deployed on a set of virtual resources controlled by an independent IaaS provider. The monitoring system can collect infrastructure metadata and/or system-level metric data characterizing the set of virtual resources from the IaaS provider, and automatically infer from the metadata and/or metric data how the virtual resources should be organized into groups, clusters and hierarchies. The monitoring system can automatically infer this service architecture using naming conventions, security rules, software types, deployment patterns, and other information gleaned from the metadata and/or metric data. The monitoring system can then run analytics based on this inferred service architecture to report on service operation.

Abstract: A data authenticity assurance method carried out by a management computer including: a first step of receiving the first data piece from the computer; a second step of selecting a plurality of second data pieces at predetermined intervals in chronological order from among the plurality of second data pieces held in the data holding part; a third step of performing an arithmetic operation for each of the hash values of the selected plurality of second data pieces; a fourth step of generating signature target data by combining the first data piece received from the computer with the hash values of the selected plurality of second data pieces; and a fifth step of generating a second data piece by assigning the digital signature to the signature target data by using the preset key, and holding the generated second data piece in chronological order sequentially in the data holding part.

Abstract: A system that incorporates the subject disclosure may perform, for example, operations including receiving an encrypted secure token from a secure token application function that is remote from the communication device, storing the encrypted secure token in a secure element memory of the secure element, accessing user input requesting the encrypted secure token where the secure device processor is separate from the secure element and is in communication with the secure element, generating a modified secure token by adding identification information to the encrypted secure token and by performing a second encryption of the encrypted secure token with the identification information, receiving the modified secure token from the secure element, and providing the modified secure token to a receiving device. Other embodiments are disclosed.

Abstract: The invention provides an easy to use credential management mechanism for multi-factor out-of-band multi-channel authentication process to protect a large number of documents without the need to remember all the document passwords. When opened, the secure document application generates a multi-dimensional code. The user scans the multi-dimensional code and validates the secure document application and triggers an out-of-band outbound mechanism. The portable mobile device invokes the authentication server to get authenticated. The authentication server authenticates the user based on shared secret key and is automatically allowed access to the secure document. The process of the invention includes an authentication server, a secure document application to generate an authentication vehicle or an embodiment (i.e. multi-dimensional bar code) and handle incoming requests, secret keys and a portable communication device with a smartphone application.

Abstract: A technique provides access control. The technique involves prompting a user to enter color-shape pairings, and receiving multiple color-shape pairings from the user. Each color-shape pairing includes (i) a color selection from multiple selectable colors and (ii) a shape selection from multiple selectable shapes. The technique further involves generating an access control result based on the received multiple color-shape pairings, the access control result controlling access to a set of protected resources. For example, color segments can be displayed on a touch screen in the form of a color wheel, and multiple shapes can be rendered within each color segment. Alternatively, (i) a color palette including the multiple selectable colors and (ii) a shape menu including the multiple selectable shapes can be rendered on the touch screen to prompt the user to provide drag and drop gestures over the touch screen. Other configurations are suitable for use as well.

Abstract: An electronic data sharing device configured to exchange a first tag with a corresponding tag from a further electronic data sharing device, wherein the first and second tags provide information that enables respective users of the electronic data sharing devices to share information via a server enabled internet-connected software system associated with the electronic data sharing devices, wherein the electronic data sharing device is either configured with a pre-shared key or is able to encrypt a session key, wherein the pre-shared key or session key are used to generate tags to ensure that: the electronic data sharing device and tags can only be made use of by the server.

Abstract: Systems and methods for remote control and management of medical workstations using an instant messaging infrastructure. A remote client, such as a mobile phone, laptop, tablet, or other computing device, is used to generate instructions or information requests in one or more data packets. The remote client sends the one or more data packets using the instant messaging infrastructure to a medical workstation at another location. A service application in communication with the medical workstation receives the data packets and causes the medical workstation to retrieve the requested information or execute the instruction. The communications between the remote client and the service application are encrypted and signed to ensure secure communications.

Abstract: A method and system for remote viewing of multimedia content using a multimedia content distribution network (MCDN) is configured to duplicate multimedia content displayed on a first MCDN terminal device and route the duplicate multimedia content to a second MCDN terminal device. The MCDN terminal devices may be coupled to a local network at an MCDN client premises. The MCDN terminal devices may also include wireless telephony devices for mobile remote viewing functionality. The method may include transcoding of the multimedia content into a format suitable for the second MCDN terminal device.

Abstract: A system and method for establishing secure communication between a first device and a second device, wherein the first device is behind a firewall. A Secure Shell (SSH) connection is established between the first device and the second device, wherein establishing a connection includes establishing a secured communications tunnel from the first device to the second device via an SSH protocol. The first device is registered with the second device, wherein registering includes sending an SSH protocol REGISTER DEVICE message from the first device to the second device.

Abstract: An approach for addressing (e.g., preventing) detected network intrusions in a virtualized/networked (e.g., cloud) computing environment is provided. In a typical embodiment, users may group components/systems of an environment/domain according to a range of security sensitivity levels/classifications. The users may further configure rules for responding to security threats for each security sensitivity level/classification. For example, if a “highly dangerous” security threat is detected in or near a network segment that contains highly sensitive systems, the user may configure rules that will automatically isolate those systems that fall under the high security classification. Such an approach allows for more granular optimization and/or management of system security/intrusion prevention that may be managed at a system level rather than at a domain level.

Abstract: A method of searching encrypted data includes generating with a client computing device a search index identifier corresponding to a search term in an encrypted search table and transmitting the search index identifier, a first single use key and a second single use key to a server. The method includes generating a set of decrypted data with the server for a set of data in an encrypted search table corresponding to the search index identifier using the first single use key to decrypt a first portion of the data and the second single use key to decrypt a second portion of the data. The method further includes identifying one or more encrypted files stored on the server that include the encrypted search term based on the decrypted data from the search table, and transmitting the encrypted files or encrypted file identifiers to the client computing device.

Abstract: In a secret sharing process based on an improved threshold scheme, secret data is shared as shared data parts equal to or greater than a threshold value in number such that the secret data cannot be reconstructed from shared data parts less than the threshold value in number. Each of the shared data pieces is created essentially from a different combination of the secret data pieces and the data pieces for secret sharing computation. The secret sharing process allows an algorithm desired by the user to be freely incorporated, and can prevent the secret data to be easily reconstructed even when more shared data parts than the threshold value are acquired by a third party.

Abstract: Described systems and methods allow protecting a computer system from malware such as viruses, Trojans, and spyware. For each of a plurality of executable entities (such as processes and threads executing on the computer system), a scoring engine records a plurality of evaluation scores, each score determined according to a distinct evaluation criterion. Every time an entity satisfies an evaluation criterion (e.g, performs an action), the respective score of the entity is updated. Updating a score of an entity may trigger score updates of entities related to the respective entity, even when the related entities are terminated, i.e., no longer active. Related entities include, among others, a parent of the respective entity, and/or an entity injecting code into the respective entity. The scoring engine determines whether an entity is malicious according to the plurality of evaluation scores of the respective entity.

Abstract: The present disclosure provides techniques for authenticating a password. These techniques may enable a user terminal to retrieve a diagram using a computing device. The diagram is inputted by a user in a terminal and is displayed in form of a diagram in connection to a password. The computing device may then transfer operand points passed through by the diagram to a server terminal for password authentication, and then receive a result of the password authentication from the server terminal. These techniques improve password authentication security.

Abstract: A hypervisor includes an analysis trigger monitoring system. One or more analysis trigger parameters are defined and analysis trigger data representing the analysis trigger parameters is generated. The analysis trigger data is then provided to the analysis trigger monitoring system and the analysis trigger monitoring system is used to monitor at least a portion of the message traffic sent to, and/or sent from, a virtual asset controlled by the hypervisor to detect any message including one or more of the one or more analysis trigger parameters. A copy of at least a portion of any detected message including one or more of the one or more analysis trigger parameters is then transferred to one or more analysis systems for further analysis.

Abstract: A virtualized system that is capable of executing a computation that has been identified as a repeatable computation and recording various representations of the state of the computing environment throughout the execution of the repeatable computation, where the state of the computing environment can be cryptographically signed and/or verified using a trusted platform module (TPM), or other cryptographic module. For example, a TPM embedded in the host computing device may generate a hash measurement that captures the state of the repeatable computation at the time of the computation. This measurement can be digitally signed using one or more cryptographic keys of the TPM and recorded for future use. The recorded state can subsequently be used to repeat the computation and/or determine whether the computation was repeated successfully according to certain defined criteria.

Abstract: A service proxy services as an application programming interface proxy to a service, which may involve data storage. When a request to store data is received by the service proxy, the service proxy encrypts the data and stores the data in encrypted form at the service. Similarly, when a request to retrieve data is received by the service proxy, the service proxy obtains encrypted data from the service and decrypts the data. The data may be encrypted using a key that is kept inaccessible to the service.

Abstract: A computer-based method and system for detecting violation of intellectual property rights of a digital file, comprising, in a distribution channel, digitally sending or streaming the file from a sending party to a receiving party, adding a watermark to the digital file at the sending party prior to sending or streaming the file, wherein the watermark comprises an identifier of the sending and receiving party(s), as well as a unique file ID. In one embodiment, the party is informed about user and/or customer behavior, and can take precautions.

Abstract: A method of operation includes detecting that a wearable device is being worn, receiving a certificate from a primary device over a secure wireless link where the wearable device is paired to the primary device using the secure wireless link, storing the certificate in memory of the wearable device, and sending the certificate, over the secure wireless link, to the primary device to unlock the primary device. The method may further include detecting that the wearable device is no longer being worn, and eradicating the certificate from memory of the wearable device in response to detecting that the wearable device is no longer being worn. In some embodiments, the method may also include detecting that the secure wireless link is disconnected, and eradicating the certificate from memory of the wearable device in response to detecting that the secure wireless link is disconnected. The present disclosure also provides a wearable device.

Abstract: Trusted e-mail communication may be provided. A message source organization may be validated. When a message is received from the validated message source organization for a recipient organization, a determination may be made as to whether the recipient organization supports an attribution data extension. If so, the message may be transmitted to the recipient organization with an attribution element associated with the message source organization.